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DETAILED ACTION 



1 . Claims 1-31 are pending in this Office Action 

Priority 

2. This application claims the benefit of provisional application 60/201 ,443 filed 
05/03/2000. 

Information Disclosure Statement 

3. The information disclosure statement (IDS) submitted on 01/16/02 has been 
considered by the examiner. 

Claim Objections 

4. Claim 8 is objected to because of the following informalities: In line 2, 'form' 
should be 'from'. Appropriate correction is required. 



5. Claim 31 is objected to because of the following informalities: In lines 3 and 5, 
the gateways should be referenced in a consistent manner as either 'gateway' or 
'security gateway'. Appropriate correction is required. 
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Claim Rejections - 35 USC § 102 

6. The following is a quotation of the appropriate paragraphs of 35 U.S.C, 102 that 
form the basis for the rejections under this section made in this Office action: 

A person shall be entitled to a patent unless - 

(e) the invention was described in (1) an application for patent, published under section 122(b), by 
another filed in the United States before the invention by the applicant for patent or (2) a patent 
granted on an application for patent by another filed in the United States before the invention by the 
applicant for patent, except that an international application filed under the treaty defined in section 
351(a) shall have the effects for purposes of this subsection of an application filed in the United States 
only if the international application designated the United States and was published under Article 21 (2) 
of such treaty in the English language. 

7. Claims 1-3, 6-8, 11-15, 18, 19, 21-23, 27, 28, 30 and 31 are rejected under 35 
U.S.C. 102(e) as being anticipated by U.S. Patent 6,473,798 by Grosser, Jr. et al. 
(Grosser). 

8. With respect to Claim 1 , Grosser teaches a method of determining if a link is 
alive (Col. 1 lines 8-14), comprising: establishing a secure link (Col. 1 lines 33-55) 
between a first node (Col. 3 lines 22-33) and a second node (Col. 3 lines 46-49) 
according to a security protocol (Col. 4 lines 23-28); sending at least one ping message 
targeting the second node over the secure link (Col. 6 lines 34-60), the at least one ping 
message defined outside the security protocol (Col. 6 lines 53-60); and monitoring for at 
least one ping reply to determine if the secure link is alive (Col. 6 line 61 - Col. 7 line 8). 

9. With respect to Claim 2, Grosser teaches all the limitations of Claim 1 and further 
teaches establishing the secure link comprises establishing a virtual private network 
session (Col. 1 lines 33-41). 
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10. With respect to Claim 3, Grosser teaches all the limitations of Claim 1 and further 
teaches establishing the secure link comprises establishing a link protected by an 
Internet Protocol Security protocol (Col. 4 lines 23-28). 

1 1 . With respect to Claim 6, Grosser teaches all the limitations of Claim 1 and further 
teaches establishing the secure link comprises establishing the secure link between first 
and second nodes each comprising a security gateway (Col. 3 lines 23-28 and lines 34- 
39). 

12. With respect to Claim 7, Grosser teaches all the limitations of Claim 6 and further 
teaches sending at least one ping message targeting another node behind the second 
node (Col 6 lines 37-51). 

13. With respect to Claim 8, Grosser teaches all the limitations of Claim 7 and further 
teaches monitoring for at least one ping reply from the other node (Col. 6 line 61 - Col. 
7 line 8). 

14. With respect to Claim 1 1 , Grosser teaches a method of communicating with a 
remote node (Col. 1 lines 8-14 and Col. 3 lines 46-49), comprising: establishing a 
secure link (Col. 1 lines 33-55 and Col. 4 lines 23-28) between a first security gateway 
(Col. 3 lines 23-28) and a second security gateway (Col. 3 lines 34-39), the remote 
node in communication with the second security gateway; sending at least one ping 
message to the remote node over the secure link and through the second security 
gateway (Col. 6 lines 34-60); and monitoring for at least one ping reply from the remote 
node to determine if the secure link is alive (Col. 6 line 61 - Col. 7 line 8). 
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1 5. With respect to Claim 1 2, Grosser teaches all the limitations of Claim 1 1 and 
further teaches establishing a secure link comprises establishing a secure link protected 
by an Internet Protocol Security protocol (Col. 4 lines 23-28). 

16. With respect to Claim 13, Grosser teaches all the limitations of Claim 1 1 and 
further teaches establishing the secure link comprises establishing a virtual private 
network session (Col. 1 lines 33-41 ). 

17. With respect to Claim 14, Grosser teaches all the limitations of Claim 1 1 and 
further teaches establishing the secure link comprises establishing a secure link 
protected according to a security protocol (Col. 4 lines 23-28). 

18. With respect to Claim 1 5, Grosser teaches all the limitations of Claim 14 and 
further teaches sending the at least one ping message comprises sending at least one 
ping message defined outside the security protocol (Col. 6 lines 53-60). 

19. With respect to Claim 18, Grosser teaches a system for communicating (Col. 1 
lines 8-14) between a network element and a remote node (Col. 3 lines 46-49), 
comprising: a security module adapted to establish a secure link with the remote node, 
the secure link (Col. 1 lines 33-55), having a security mechanism according to a security 
protocol (Col. 4 lines 23-28); and a keep-alive module adapted to send at least one ping 
message over the secure link to the remote node (Col. 6 lines 34-60), the at least one 
ping message defined outside the security protocol (Col. 6 lines 53-60). 

20. With respect to Claim 19, Grosser teaches all the limitations of Claim 18 and 
further teaches the security protocol comprises an Internet Protocol Security Protocol 
(Col. 4 lines 23-28). 
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21 . With respect to Claim 21 . Grosser teaches all the limitations of Claim 18 and 
further teaches an interface to a packet-based network, the secure link established over 
the packet-based network; and a layer to control communications over the 
packet-based network (Col. 1 lines 16-42 and lines 43-48). 

22. With respect to Claim 22, Grosser teaches all the limitations of Claim 21 and 
further teaches the layer comprises an Internet Protocol layer (Col. 1 lines 16-21). 

23. With respect to Claim 23, Grosser teaches all the limitations of Claim 18 and 
further teaches the keep-alive module is adapted to further monitor for at least one ping 
reply responsive to the at least one ping message to determine if the secure link is alive 
(Col. 6 line 61 - Col. 7 line 8). 

24. With respect to Claim 27, Grosser teaches an article comprising at least one 
storage medium containing instructions for controlling communications (Col. 7 lines 20- 
47), the instnjctions when executed causing a controller to: establish a secure link (Col. 
1 lines 33-55) between a first node (Col. 3 lines 22-33) and a second node (Col. 3 lines 
46-49) according to a security protocol (Col. 4 lines 23-28); send at least one ping 
message targeting the second node over the secure link (Col. 6 lines 34-60), the at 
least one ping message defined outside the security protocol (Col. 6 lines 53-60); and 
monitor for at least one ping reply to determine if the secure link is alive (Col. 6 line 61 - 
Col. 7 line 8). 

25. With respect to Claim 28, Grosser teaches all the limitations of Claim 27 and 
further teaches the instructions when executed cause the controller to further establish 
an Internet Protocol security association for the secure link (Col. 4 lines 23-28). 
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26. With respect to Claim 30, Grosser teaches all the limitations of Claim 27 and 
further teaches the controller is part of the first node (Col. 5 lines 24-28). 

27. With respect to Claim 31 , Grosser teaches a data signal embodied in a carrier 
wave and containing instructions for controlling communications (Col, 7 lines 20-47), 
the instructions when executed causing a system to : establish a secure link (Col. 1 
lines 33-55 and Col. 4 lines 23-28) between a first gateway (Col. 3 lines 23-28) and a 
second security gateway (Col. 3 lines 34-39), send at least one ping message to a 
remote node over the secure link and through the second security gateway (Col. 6 lines 
34-60); and monitor for at least one ping reply from the remote node to determine if the 
secure link is alive (Col. 6 line 61 - Col. 7 line 8). 

Claim Rejections '35 use §103 

28. The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set 
forth in section 102 of this title, if the differences between the subject nnatter sought to be patented and 
the prior art are such that the subject matter as a whole would have been obvious at the time the 
invention was made to a person having ordinary skill in the art to which said subject matter pertains. 
Patentability shall not be negatived by the manner in which the invention was made. 

29. Claims 4, 5, 16, 17 and 20 are rejected under 35 U.S.C. 103(a) as being 
unpatentable over Grosser in view of U.S. Patent 6,182,226 by Reid et al. (Reid). 

30. With respect to Claim 4, Grosser teaches all the limitations of Claim 3 but does 
not explicitly disclose sending a ping message comprising sending at least one Internet 
Control Message Protocol (ICMP) message. Reid teaches sending a ping message 
may comprise sending at least one ICMP message (Col. 1 5 lines 59-61 ). It would have 
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been obvious to one of ordinary skill in the art at the time the invention was made to 
take the method disclosed by Grosser and modify it as indicated by Reid such that 
sending the at least one ping message comprises sending at least one Internet Control 
Message Protocol message. One would be motivated to have this since it is a 
"commonly known" way to send a ping message and could therefore be more easily 
incorporated into existing systems (Col. 15 lines 59-61). 

31 . With respect to Claim 5, Grosser teaches all the limitations of Claim 1 but does 
not explicitly disclose sending a ping message comprising sending at least one Internet 
Control Message Protocol (ICMP) message. Reid teaches sending a ping message 
may comprise sending at least one ICMP message (Col. 15 lines 59-61). It would have 
been obvious to one of ordinary skill in the art at the time the invention was made to 
take the method disclosed by Grosser and modify it as indicated by Reid such that 
sending the at least one ping message comprises sending at least one Internet Control 
Message Protocol message. One would be motivated to have this since it is a 
"commonly known" way to send a ping message and could therefore be more easily 
incorporated into existing systems (Col. 15 lines 59-61). 

32. With respect to Claim 16, Grosser teaches all the limitations of Claim 1 5 but does 
not explicitly disclose sending a ping message comprising sending at least one Internet 
Control Message Protocol (ICMP) message. Reid teaches sending a ping message 
may comprise sending at least one ICMP message (Col. 15 lines 59-61). It would have 
been obvious to one of ordinary skill in the art at the time the invention was made to 
take the method disclosed by Grosser and modify it as indicated by Reid such that 
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sending the at least one ping message comprises sending at least one Internet Control 
Message Protocx)! message. One would be motivated to have this since it is a 
"commonly known" way to send a ping message and could therefore be more easily 
incorporated into existing systems (Col. 15 lines 59-61). 

33. With respect to Claim 1 7, Grosser in view of Reid teaches all the limitations of 
Claim 16 and further teaches establishing a secure link comprises establishing a secure 
link according to an Internet Protocol Security protocol (Col. 4 lines 23-28 of Grosser). 

34. With respect to Claim 20, Grosser teaches all the limitations of Claim 18 but does 
not explicitly disclose the ping message comprising an Internet Control Message 
Protocol (ICMP) message. Reid teaches a ping message may comprise a ICMP 
message (Col. 15 lines 59-61). It would have been obvious to one of ordinary skill in 
the art at the time the invention was made to take the system disclosed by Grosser and 
modify it as indicated by Reid such that the at least one ping message comprises an 
Internet Control Message Protocol message. One would be motivated to have this 
since it is a "commonly known" way to send a ping message and could therefore be 
more easily incorporated into existing systems (Col. 15 lines 59-61). 

35. Claims 9, 10, 24, 25 and 29 are rejected under 35 U.S.C. 103(a) as being 
unpatentable over Grosser in view of U.S. Patent 6,636,898 by Ludovici et al. 
(Ludovici). 

36. With respect to Claim 9, Grosser teaches all the limitations of Claim 1 . Although 
Grosser teaches remedial action may occur to correct a link that is not alive (Col. 5 lines 
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9-12), Grosser does not explicitly disclose tearing down the secure link if it is 
determined to not be alive. Ludovici teaches that in a VPN using a secure link, such as 
those using IPSec protocol (Col. 1 lines 49-52), the link should be torn down when 
errors concerning the link are detected (Col. 1 line 57 - Col. 2 line 10). It would have 
been obvious to one of ordinary skill in the art at the time the invention was made to 
take the method of Grosser and modify it as indicated by Ludovici such that the method 
further comprises tearing down the secure link if the secure link is determined not to be 
alive. One would be motivated to have this as it ensures the system is not 
compromised and enables more efficient management of connection lifetimes and 
security associations (Col. 1 line 57 - Col. 2 line 10). 

37. With respect to Claim 10, Grosser in view of Ludovici teaches all the limitations of 
Claim 9 and further teaches tearing down the secure link comprises tearing down a 
security association according to an Internet Protocol Security protocol (Col. 1 lines 49- 
51 and Col. 5 lines 30-36 of Ludovici). 

38. With respect to Claim 24, Grosser teaches all the limitations of Claim 23. Grosser 
teaches remedial action may occur to correct a link that is not alive (Col. 5 lines 9-12), 
but does not explicitly disclose the security module being adapted to tear down a 
security association of a secure link if it is not alive. Ludovici teaches that in a VPN 
using a secure link, such as those using IPSec protocol (Col. 1 lines 49-52), the link and 
its security associations (Col. 1 lines 49-51 and Col. 5 lines 30-36) should be torn down 
when errors concerning the link are detected (Col. 1 line 57 - Col. 2 line 10). It would 
have been obvious to one of ordinary skill in the art at the time the invention was made 
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to take the system of Grosser and modify it as indicated by Ludovici such that the 
security module is adapted to tear down a security association of the secure link if the 
secure link is not alive. One would be motivated to have this as it ensures the system is 
not compromised and enables more efficient management of connection lifetimes and 
security associations (Col. 1 line 57 - Col. 2 line 10). 

39. With respect to Claim 25, Grosser in view of Ludovici teaches all the limitations of 
Claim 24 and further teaches the security association comprises an Internet Protocol 
Security protocol security association (Col. 1 lines 49-52 of Ludovici). 

40. With respect to Claim 29, Grosser teaches all the limitations of Claim 28. Grosser 
teaches remedial' action may occur to correct a link that is not alive (Col. 5 lines 9-12), 
but does not explicitly disclose tearing down the security association if the controller 
does not receive the at least one ping reply. Ludovici teaches that in a VPN using a 
secure link, such as those using IPSec protocol (Col. 1 lines 49-52), the link and its 
security associations (Col. 1 lines 49-51 and Col. 5 lines 30-36) should be torn down 
when errors concerning the link are detected (Col. 1 line 57 - Col. 2 line 10). It would 
have been obvious to one of ordinary skill in the art at the time the invention was made 
to take the system of Grosser and modify it as indicated by Ludovici such that the 
instructions when executed cause the controller to tear down the security association if 
the controller does not receive the at least one ping reply. One would be motivated to 
have this as it ensures the system is not compromised and enables more efficient 
management of connection lifetimes and security associations (Col. 1 line 57 - Col. 2 
line 10). 
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41 . Claim 26 is rejected under 35 U.S.C. 103(a) as being unpatentable over Grosser 
in view of U.S. Patent 6,1 73,41 1 by Hirst et al. (Hirst). Grosser teaches all the 
limitations of Claim 18 and further teaches the keep-alive module is adapted to further 
monitor for at least one ping reply responsive to the at least one ping message to 
determine if the secure link is alive (Col. 6 line 61 - Col. 7 line 8). Although Grosser 
teaches remedial action may occur to correct a link that is not alive (Col. 5 lines 9-12), 
Grosser does not explicitly disclose establishing a link over a secondary communication 
network if the secure link is not alive. However, Hirst teaches that upon detecting a link 
is not alive, one can establish a link over a secondary communication network (Col. 2 
line 54 - Col. 3 line 13). It would have been obvious to one of ordinary skill in the art at 
the time the invention was made to take the system disclosed by Grosser and modify it 
as indicated by Hirst such that the system further comprises a module adapted to 
establish a link over a secondary communication network if the secure link is not alive. 
One would be motivated to have this since the reliability of a network connection is a 
critical concern (Col. 1 lines 20-35). 

Conclusion 

42. The prior art made of record and not relied upon is considered pertinent to 
applicant's disclosure. 

43. U.S. Patent 6,360,269 by Mamros et al. "Protected keepalive message through 
the internet" March 19, 2002. Same assignee of the instant application. Similar 'ping' 
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message over a secure link with the difference being the 'ping' of IVIamros is not defined 
outside the security protocol used in he secure link. 

44. U.S. Patent 6,1 82,226 by Reid et al. "System and method for controlling 
interactions between networks" January 30, 2001. Discloses ICMP ping over a secure 
link including IPSec protocol. See Col. 15 lines 59-67. 

45. U.S. Patent 6,079,020 by Liu "Method and apparatus for managing a virtual 
private network" June 20, 2000. Discloses the use of a ping message between VPN 
gateways as well as pinging behind a gateway to a node on the network. See Col. 9 
line 59 - Col. 10 line 4 and Fig. 7. 

46. U.S. Patent 6,073,172 by Frailong et al. "Initializing and reconfiguring a secure 
network interface" June 6, 2000. Discloses a system monitor that periodically pings a 
VPN gateway. See Col. 11 lines 60-65. 

47. U.S. Patent 5,864,666 by Shrader et al. "Web-based administration of IP 
tunneling on internet firewalls" January 26,1999. Discloses management of tunnels and 
associated VPN with the ability of pinging any IP address associated with the tunnel. 
See Col. 6 lines 48-63. 

48. U.S. Patent 5,828,833 by Belville et al. "Method and system for allowing remote 
procedure calls through a network firewall" October 27, 1998. Discloses a firewall filter 
and system that pings associated applications servers. Any servers that do not respond 
are disabled from receiving any further messages. See Col. 6 lines 35-55. 
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Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to David Lazaro whose telephone number is 703-305- 
4868. The examiner can normally be reached on 8:30-5:00 M-F. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Hosain Alam can be reached on 703-308-6662. The fax phone number for 
the organization where this application or proceeding is assigned is 703-872-9306. 

Information regarding the status of an application may be obtained from the 
Patent Application Information Retrieval (PAIR) system. Status information for 
published applications may be obtained from either Private PAIR or Public PAIR. 
Status information for unpublished applications is available through Private PAIR only. 
For more information about the PAIR system, see http://pair-direct.uspto.gov. Should 
you have questions on access to the Private PAIR system, contact the Electronic 
Business Center (EBC) at 866-217-9197 (toll-free). 




David Lazaro 
March 1,2004 
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